Wiki

Page

User

Connecting to the UCC VPN allows you access to internal resources that are normally firewalled off.

There are two currently working VPN methods - OpenVPN and the IPsec VPN. The old PPTP VPN is deprecated.

The IPsec VPN is the easiest to use on Windows and is authenticated using your UCC username and password, however since [FVP] was not able to get it working by following the instructions below, he went and set up OpenVPN as well.

OpenVPN

To connect to the UCC OpenVPN server, you will need to ask a wheel member to generate a client configuration with valid certificates.

This can be done by running USER="<username>"; ssh root@murasoi "/etc/openvpn/server/uccvpn/client-gen-conf.sh $USER" > openvpn-config-$USER.conf.

The resulting config file contains all the necessary information to connect to the VPN. Note: client certificates and corresponding private keys are stored in the file. Keep it safe.

Installation

Windows

You should be able to find OpenVPN GUI in the start menu somewhere. Run it.

Place any configuration files in C:\Program Files\OpenVPN\config\ or C:\Program Files (x86)\OpenVPN\config\. An submenu should appear in the context menu accessible via the OpenVPN GUI taskbar icon which lets you connect and disconnect from the VPN.

When installing strongSwan you will need to make some changes to the PKGBUILD of strongswan package as networkManager support is not enabled by default. In the PKGBUILD you will find the "depends" and "makedepends" lined and add 'libnm-glib' to the end of both lines so that it looks like this:

The XAuth/EAP authentication (IKEv1 and v2 respectively) is passed to the RADIUS server, which also handles accounting. select username, sum(acctinputoctets), sum(acctoutputoctets) from radacct where nasporttype='Virtual' group by username; will give you a nice sum of traffic over the VPN.